From patchwork Wed Nov 20 14:50:00 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alice Ryhl X-Patchwork-Id: 13881317 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 19DC0D711A7 for ; Wed, 20 Nov 2024 14:56:37 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 700FE6B009F; Wed, 20 Nov 2024 09:56:34 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 6B22D6B00A1; Wed, 20 Nov 2024 09:56:34 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 48D0E6B00A0; Wed, 20 Nov 2024 09:56:34 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 266FC6B009E for ; Wed, 20 Nov 2024 09:56:34 -0500 (EST) Received: from smtpin24.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id D3BEDC0CDC for ; Wed, 20 Nov 2024 14:56:33 +0000 (UTC) X-FDA: 82806773154.24.B87992A Received: from mail-wr1-f74.google.com (mail-wr1-f74.google.com [209.85.221.74]) by imf11.hostedemail.com (Postfix) with ESMTP id C14774001E for ; Wed, 20 Nov 2024 14:55:27 +0000 (UTC) Authentication-Results: imf11.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=EvQxDuLr; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf11.hostedemail.com: domain of 3nvg9ZwkKCMcnyvpr4Buyt11tyr.p1zyv07A-zzx8npx.14t@flex--aliceryhl.bounces.google.com designates 209.85.221.74 as permitted sender) smtp.mailfrom=3nvg9ZwkKCMcnyvpr4Buyt11tyr.p1zyv07A-zzx8npx.14t@flex--aliceryhl.bounces.google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1732114500; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=UwChOJ9zAIfe8IedX9D+YlgaCTQORbfAqxOhT4faXfc=; b=BVTx/AyVdPlj099ScmYvDP/txAYThRpbCHt6BDGaTV+HW5c3rdsGzebDa+HWV82SLqFhI/ HNlIga+iPfOygW7sk7aAdb3AH5s4s2H2a/GgJKmsI6c5J8kbgdKyF1sBO9gwcSW3l7mA84 2pXz/2xVBDunpvYrmasR/cbt4R4hMMk= ARC-Authentication-Results: i=1; imf11.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=EvQxDuLr; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf11.hostedemail.com: domain of 3nvg9ZwkKCMcnyvpr4Buyt11tyr.p1zyv07A-zzx8npx.14t@flex--aliceryhl.bounces.google.com designates 209.85.221.74 as permitted sender) smtp.mailfrom=3nvg9ZwkKCMcnyvpr4Buyt11tyr.p1zyv07A-zzx8npx.14t@flex--aliceryhl.bounces.google.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1732114500; a=rsa-sha256; cv=none; b=8n4N+OKy1/fAhTiatKCZ+sA9kk3GkSgjL3LjxRyfFM1eegQ1cAregC6eJWhhpUjA2BENuX oFDGHYKB+DB9fQdODD/HDbWf6oQXkYwXkEdfXcu9v1iRemp69Q6LD7IsQYV2B6lqFl1bHj voD+2CNWWcr4rcTD9ZDNaPmT4Nbhv0s= Received: by mail-wr1-f74.google.com with SMTP id ffacd0b85a97d-38256bf4828so310507f8f.1 for ; Wed, 20 Nov 2024 06:56:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1732114590; x=1732719390; darn=kvack.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=UwChOJ9zAIfe8IedX9D+YlgaCTQORbfAqxOhT4faXfc=; b=EvQxDuLrzTC/kegjiW3s5HaZH2pXUiKqGgUxP2eZvuw89W/79HkRCROEKcQHd7ZGxZ 3E3J/isgzUamEG0TdZRVWWtfvKKjLV9kO0VRlaik05UyVXORyM8Yr0SdxYuzM8s91fbK 1QpbyWmlk37PVZ5Q+s8YJNbTb1FOzWwNBbTsZgH4kfijge/d7rGuX+7OrLt3G8oHZr2x U27JJi/f+mesEhVGkQ5HtbBo5aR5whj02dVV8imbQ92QCewKCjlyMM0tT4vBm9VchS/+ jbCID7oYMkUvlWh6PbACmipFEVAIw7jzBoLemp5dbCctLEX6GK2CiXkNwbg1RlRn+SHw xEfQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1732114590; x=1732719390; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=UwChOJ9zAIfe8IedX9D+YlgaCTQORbfAqxOhT4faXfc=; b=kgLXkN2FmRuAWGuRknG/u5S735Rv2ZRhWHibkDoMYyqy979JWa/3wHtQpC+u5Y4xMe XvLz8eNcz4xQgak7dNni2cKuVbh/NAw9307mD/88ta2uBbqxwoAP5LsBbq8lSL/W98Ec lL5gGPCritv4ObN4dKfnIDyCAnmsEV8fmWYQnSTUghiK7pDWKl0iacGDc0nUdxRBTnQr DLZAxmXElJUue4tZH5Vw3dO8u5MfP9UqnheRFVC/gcXtlhp+WNPqZIoDnhhB2kgcjBC1 ZzOxIEdTNf1nKlpcLiQo3k/LYL8fxOy7S4nTTt3adgPPGomZ47rjaAFJih7MMjIp5gGI sQaA== X-Forwarded-Encrypted: i=1; AJvYcCWbJakJeYEfyhJbsw28LfxMStj6cZXLpgDCyVy2JQMyjDATWInKSKVVuY5ETniqit4hq6Gr3kfF7A==@kvack.org X-Gm-Message-State: AOJu0YySuomljHbJhko3gkeouhZmAgG9PuNPX6fS6PT1VkkdYEIe0szx uKZDKDY3kj4QVK+A+OUad2IKN00U4YanKxhnjnkHhxvUBJo4hjV25Wvji+Pg3JXenJXUgb6aJd0 7zAVVivZxRLI47w== X-Google-Smtp-Source: AGHT+IHXbdV8HAQ4+Suef2mPnmtDgGLMdzhu1f1M8BZUgtuk+G0K3LivSZuvpPIt1xjcvlwyptBDB6mRFKUQlaU= X-Received: from aliceryhl.c.googlers.com ([fda3:e722:ac3:cc00:68:fe9:ac10:f29e]) (user=aliceryhl job=sendgmr) by 2002:a5d:444b:0:b0:382:3b1a:1870 with SMTP id ffacd0b85a97d-382544b5d4bmr1125f8f.2.1732114590361; Wed, 20 Nov 2024 06:56:30 -0800 (PST) Date: Wed, 20 Nov 2024 14:50:00 +0000 In-Reply-To: <20241120-vma-v8-0-eb31425da66b@google.com> Mime-Version: 1.0 References: <20241120-vma-v8-0-eb31425da66b@google.com> X-Developer-Key: i=aliceryhl@google.com; a=openpgp; fpr=49F6C1FAA74960F43A5B86A1EE7A392FDE96209F X-Developer-Signature: v=1; a=openpgp-sha256; l=7325; i=aliceryhl@google.com; h=from:subject:message-id; bh=GxeBG0VLgiYY7aoOP2RaPrBmc8r79aoXtEJ4vi7OY7A=; b=owEBbQKS/ZANAwAKAQRYvu5YxjlGAcsmYgBnPfiLpdbSAArUzD356S1Rdhs5xf34Ng/4olKS2 zZLQlqEVN6JAjMEAAEKAB0WIQSDkqKUTWQHCvFIvbIEWL7uWMY5RgUCZz34iwAKCRAEWL7uWMY5 RihJEACjPpazX+vyEm1GGkDxAIjC2Z0e2x4wQhJDGkGfba15BJ7OdktI8JOyxO4017dJv7XCJE2 OK+70me6wb/vPIGBpARjasmBRsFqaWj33HTt1PEH+AHdNRkVxswHxI5VMyAqQptj05zDgBFlLA+ pELHaN5ryoaVBTyMbpNCl5l3L3mMgagvMJupYAsGhl/NuPbLAzrAcTJpklnovug1YMbz2qXblbO kZQq818LxO5ybuOlDxESimOZvwO/0X8dqnBHHB6RSgzsbH2WBwpTUjasTqFEFJAAdcjYwYGRPyy yDGqkIDT4zK+A1mvjaTbYEexaoFbkmVufawcJ+sJlPsyfJOJmaW1zqteMwMUHZTpgHqWaDoU2El 6/Cnz20ExMDZSdITnhC4No7JB2fyu6VSmp2Aor9F7uLIdVIU2DeBjq8dkTovFnTS+TGtrMlSMj/ Ci9+qIFkfEOc1w8OBPZFbg1CVnuL3zWzP5c3Z7E845AFM557AtWKQqKNFglOOn1CXmskiZEPWsM y2lk0A+cmA/1wgD04mcczeJqeAL733Oyea4JeEwhAlod49osPNU5t2OxdO/MUB+wWy7BDcEKpyj /CZlEDcP/JoXoioDlwssN3+EJNhN88t5exP5y3//5S1kP4i1ip5KuZWp9yhkc9cLDxjERVAQHCB eDHl3Ean9iBRSrQ== X-Mailer: b4 0.13.0 Message-ID: <20241120-vma-v8-6-eb31425da66b@google.com> Subject: [PATCH v8 6/7] mm: rust: add VmAreaNew From: Alice Ryhl To: Miguel Ojeda , Matthew Wilcox , Lorenzo Stoakes , Vlastimil Babka , John Hubbard , "Liam R. Howlett" , Andrew Morton , Greg Kroah-Hartman , Arnd Bergmann , Christian Brauner Cc: Alex Gaynor , Boqun Feng , Gary Guo , " =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= " , Benno Lossin , linux-kernel@vger.kernel.org, linux-mm@kvack.org, rust-for-linux@vger.kernel.org, Alice Ryhl , Andreas Hindborg X-Rspam-User: X-Rspamd-Server: rspam03 X-Rspamd-Queue-Id: C14774001E X-Stat-Signature: o376czd7ipgg6sckjqgq1z31ag6htxc5 X-HE-Tag: 1732114527-71946 X-HE-Meta: U2FsdGVkX18UUv7JS9AbKfLD9MAyNeuIW9X+oVruSXYcdrskDHbNDcIyXvTQ6th3OOSgX9rPQkjpqwcdx3pVqfQ+IFoZLPzpKn9/TL1h7N+a0q5p1voGykI4VtcdzllrLgdF7CRHmxMo6qZyLn1Vrqxxj4QbKSGWTckhS+nklWFMf03YzjDPDqyXtcmQOc7AF4g/nHlgx4vXU5lbHz94lotTKXlIgpMwxHd7jG2GF9rh6Ju7EWKwa8wDHqdxx9UWNxSknv5jDn8LoqXmfvSi4qlg96b1fGuKTXWm9xn2xofyRqcJM6dWtX7VoBboW0FaOYOi+fLfiOJkUxp5iWTcG8OVaq3o/XHT6g1rukxUnpikL5yKGbsXo0raAWp6u08NhMG0vkA+KOw+dvVkeGDAY7NqAgfPCa4n2mkWIFXSX3u0SOmNKEN0zBAF765knXT3XuTCoQaIITl0iOBoA0/GEhxF5WpidZxkUD8gvuBxWbnGBzpLpJYsmFjeFdHEXzEYCyvEB07GGHTpASp7oJ7guVp9Q58WhlYqHR7+qT2A39mU/EwU3jficp60juLyy0+s22AoX1o6BDHvd+ei761HARNe2cIPXuEsg49TFprCduO253E4KxpVNtetpZSS+CJl2lHWITzpc5XCDihUQ9dP8u7wxR2fnn6wkOvun1Cy8MZRvuZzSqWTuzhOsvCxprLjPWKCKMVIpOfR3mvojNJNIz4k8EZ0NenSK/ei4HqOYjtySOHrfedrJYaVF4PyrBgbp+hE8bur1oDLEH18/4IVuwECr1HSfK1WYT8Nw0C5vQjnTX7nmSKVD8gGfCeyDqNfC4t2fNCfaaG7+euk9/ZnpImsTFvoSDNaa43Ka9HlxnQg3wPK2A78f67w2ye9NqAiqcwxtqH6E7pKI00nD8PXK38prk2vd42M/Bbkbj37AwhhaurVlTQ8jH6hYBRFgX/gF/cM2u4cgisGy1+DziK 24anHizf QbwsQ3niQbyvYyVQi/mNC8dmpyNoiGN3YGOAXNbqgWDUh9fBUaWObDmhKklBnOK33BeV7ZsBSvzDAJFOix7JYxT4fVg0AbuogtGnwbqlB28nR9XGZCMmeP/40dZmaA0pA19I91QOI0WOWmUJJhyHNyHDjjZpu9JK7oDHP6GLScZ8PnDqZqwriJTgHBBKdLeWGDXvfDcDVuN4mxj66NugtS8m71+ElsjvkQD9ERlXULtHFGAMKsrUtQ1WD0X7uz19gUcsKSwY1Pipt7M/rcrBj0et7L3ZzmKbQ6tLwoe6rvsd+x6eTiEp1ZW8FLa0z1izW/NbtA4OoA0Ur8oviKSJDlj78F3Qf9IJhzcH8Mrg18sIrS+TmI9di/VsyKI/FLDf7cA0D7fjXykHbttXblDgeOOH6hByanWguObZ23vEFKWi5PZV4ITFjSKoP5Dyup5ys6awwAumDiwREbowWN2FYhPkq9yJKVP+tef85DSIiSVA6r29i3/xn8ipp1tVsfLDXSHKT5PronRDwkkmU1tqCQuUJrXxxWpTLD6VM2otYday98rpOkt17qJQMXTdkEHVVilaDGDZZRuE0sJctS/B6rDi8XZ2gtyWqzwxc14AETlCBxrI9mb5T7IA67O1KWOHomrYNZ5P6mDZDabw= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: When setting up a new vma in an mmap call, you have a bunch of extra permissions that you normally don't have. This introduces a new VmAreaNew type that is used for this case. To avoid setting invalid flag values, the methods for clearing VM_MAYWRITE and similar involve a check of VM_WRITE, and return an error if VM_WRITE is set. Trying to use `try_clear_maywrite` without checking the return value results in a compilation error because the `Result` type is marked #[must_use]. For now, there's only a method for VM_MIXEDMAP and not VM_PFNMAP. When we add a VM_PFNMAP method, we will need some way to prevent you from setting both VM_MIXEDMAP and VM_PFNMAP on the same vma. Signed-off-by: Alice Ryhl --- rust/kernel/mm/virt.rs | 169 ++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 168 insertions(+), 1 deletion(-) diff --git a/rust/kernel/mm/virt.rs b/rust/kernel/mm/virt.rs index de7f2338810a..22aff8e77854 100644 --- a/rust/kernel/mm/virt.rs +++ b/rust/kernel/mm/virt.rs @@ -6,7 +6,7 @@ use crate::{ bindings, - error::{to_result, Result}, + error::{code::EINVAL, to_result, Result}, page::Page, types::Opaque, }; @@ -148,6 +148,173 @@ pub fn vm_insert_page(&self, address: usize, page: &Page) -> Result { } } +/// A builder for setting up a vma in an `mmap` call. +/// +/// # Invariants +/// +/// For the duration of 'a, the referenced vma must be undergoing initialization. +pub struct VmAreaNew { + vma: VmAreaRef, +} + +// Make all `VmAreaRef` methods available on `VmAreaNew`. +impl Deref for VmAreaNew { + type Target = VmAreaRef; + + #[inline] + fn deref(&self) -> &VmAreaRef { + &self.vma + } +} + +impl VmAreaNew { + /// Access a virtual memory area given a raw pointer. + /// + /// # Safety + /// + /// Callers must ensure that `vma` is undergoing initial vma setup for the duration of 'a. + #[inline] + pub unsafe fn from_raw<'a>(vma: *const bindings::vm_area_struct) -> &'a Self { + // SAFETY: The caller ensures that the invariants are satisfied for the duration of 'a. + unsafe { &*vma.cast() } + } + + /// Internal method for updating the vma flags. + /// + /// # Safety + /// + /// This must not be used to set the flags to an invalid value. + #[inline] + unsafe fn update_flags(&self, set: vm_flags_t, unset: vm_flags_t) { + let mut flags = self.flags(); + flags |= set; + flags &= !unset; + + // SAFETY: This is not a data race: the vma is undergoing initial setup, so it's not yet + // shared. Additionally, `VmAreaNew` is `!Sync`, so it cannot be used to write in parallel. + // The caller promises that this does not set the flags to an invalid value. + unsafe { (*self.as_ptr()).__bindgen_anon_2.vm_flags = flags }; + } + + /// Set the `VM_MIXEDMAP` flag on this vma. + /// + /// This enables the vma to contain both `struct page` and pure PFN pages. Returns a reference + /// that can be used to call `vm_insert_page` on the vma. + #[inline] + pub fn set_mixedmap(&self) -> &VmAreaMixedMap { + // SAFETY: We don't yet provide a way to set VM_PFNMAP, so this cannot put the flags in an + // invalid state. + unsafe { self.update_flags(flags::MIXEDMAP, 0) }; + + // SAFETY: We just set `VM_MIXEDMAP` on the vma. + unsafe { VmAreaMixedMap::from_raw(self.vma.as_ptr()) } + } + + /// Set the `VM_IO` flag on this vma. + /// + /// This marks the vma as being a memory-mapped I/O region. + #[inline] + pub fn set_io(&self) { + // SAFETY: Setting the VM_IO flag is always okay. + unsafe { self.update_flags(flags::IO, 0) }; + } + + /// Set the `VM_DONTEXPAND` flag on this vma. + /// + /// This prevents the vma from being expanded with `mremap()`. + #[inline] + pub fn set_dontexpand(&self) { + // SAFETY: Setting the VM_DONTEXPAND flag is always okay. + unsafe { self.update_flags(flags::DONTEXPAND, 0) }; + } + + /// Set the `VM_DONTCOPY` flag on this vma. + /// + /// This prevents the vma from being copied on fork. This option is only permanent if `VM_IO` + /// is set. + #[inline] + pub fn set_dontcopy(&self) { + // SAFETY: Setting the VM_DONTCOPY flag is always okay. + unsafe { self.update_flags(flags::DONTCOPY, 0) }; + } + + /// Set the `VM_DONTDUMP` flag on this vma. + /// + /// This prevents the vma from being included in core dumps. This option is only permanent if + /// `VM_IO` is set. + #[inline] + pub fn set_dontdump(&self) { + // SAFETY: Setting the VM_DONTDUMP flag is always okay. + unsafe { self.update_flags(flags::DONTDUMP, 0) }; + } + + /// Returns whether `VM_READ` is set. + /// + /// This flag indicates whether userspace is mapping this vma as readable. + #[inline] + pub fn get_read(&self) -> bool { + (self.flags() & flags::READ) != 0 + } + + /// Try to clear the `VM_MAYREAD` flag, failing if `VM_READ` is set. + /// + /// This flag indicates whether userspace is allowed to make this vma readable with + /// `mprotect()`. + #[inline] + pub fn try_clear_mayread(&self) -> Result { + if self.get_read() { + return Err(EINVAL); + } + // SAFETY: Clearing `VM_MAYREAD` is okay when `VM_READ` is not set. + unsafe { self.update_flags(0, flags::MAYREAD) }; + Ok(()) + } + + /// Returns whether `VM_WRITE` is set. + /// + /// This flag indicates whether userspace is mapping this vma as writable. + #[inline] + pub fn get_write(&self) -> bool { + (self.flags() & flags::WRITE) != 0 + } + + /// Try to clear the `VM_MAYWRITE` flag, failing if `VM_WRITE` is set. + /// + /// This flag indicates whether userspace is allowed to make this vma writable with + /// `mprotect()`. + #[inline] + pub fn try_clear_maywrite(&self) -> Result { + if self.get_write() { + return Err(EINVAL); + } + // SAFETY: Clearing `VM_MAYWRITE` is okay when `VM_WRITE` is not set. + unsafe { self.update_flags(0, flags::MAYWRITE) }; + Ok(()) + } + + /// Returns whether `VM_EXEC` is set. + /// + /// This flag indicates whether userspace is mapping this vma as executable. + #[inline] + pub fn get_exec(&self) -> bool { + (self.flags() & flags::EXEC) != 0 + } + + /// Try to clear the `VM_MAYEXEC` flag, failing if `VM_EXEC` is set. + /// + /// This flag indicates whether userspace is allowed to make this vma executable with + /// `mprotect()`. + #[inline] + pub fn try_clear_mayexec(&self) -> Result { + if self.get_exec() { + return Err(EINVAL); + } + // SAFETY: Clearing `VM_MAYEXEC` is okay when `VM_EXEC` is not set. + unsafe { self.update_flags(0, flags::MAYEXEC) }; + Ok(()) + } +} + /// The integer type used for vma flags. #[doc(inline)] pub use bindings::vm_flags_t;